APPLIED: [PATCH] UBUNTU: SAUCE: seccomp: log actions even when audit is disabled
Tim Gardner
tim.gardner at canonical.com
Wed Sep 21 19:20:16 UTC 2016
On 09/21/2016 01:17 PM, Tim Gardner wrote:
> On 09/21/2016 12:04 PM, Tyler Hicks wrote:
>> https://launchpad.net/bugs/1626194
>>
>> Upstream commit 96368701e1c89057bbf39222e965161c68a85b4b changed the
>> auditing behavior of seccomp so that actions are only logged when the
>> audit subsystem is enabled. A default install of Ubuntu does not include
>> the audit userspace and simply enabling the audit subsystem, without
>> filtering some audit events, would result in more audit records hitting
>> the system log than usual.
>>
>> This patch undoes the functional change in upstream commit
>> 96368701e1c89057bbf39222e965161c68a85b4b and goes back to the old
>> behavior of logging seccomp actions even when audit is not enabled.
>>
>> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
>> ---
>> include/linux/audit.h | 3 ---
>> 1 file changed, 3 deletions(-)
>>
>> diff --git a/include/linux/audit.h b/include/linux/audit.h
>> index 9d4443f..1737be6 100644
>> --- a/include/linux/audit.h
>> +++ b/include/linux/audit.h
>> @@ -315,9 +315,6 @@ void audit_core_dumps(long signr);
>>
>> static inline void audit_seccomp(unsigned long syscall, long signr, int code)
>> {
>> - if (!audit_enabled)
>> - return;
>> -
>> /* Force a record to be reported if a signal was delivered. */
>> if (signr || unlikely(!audit_dummy_context()))
>> __audit_seccomp(syscall, signr, code);
>>
>
> Tyler - this appears to have already been applied to Yakkety master-next.
>
> rtg
>
Never mind, it helps to be in the right repo.
rtg
--
Tim Gardner tim.gardner at canonical.com
More information about the kernel-team
mailing list